Part 1. Implementation resources
1 | A Guide to Implementing the ISO-IEC 27001 Standard | 45 pages
2 | ISO27001 In Simple English | 19 pages
3 | ISO-IEC 27001 Toolkit V8 Completion Instructions | 5 pages
4 | ISO-IEC 27001 Toolkit V8 Release Notes | 1 sheet
5 | Information Security Management System PID | 20 pages
6 | ISO-IEC 27001 Benefits Presentation | 9 slides
7 | ISO-IEC 27001 Project Plan (Microsoft Project format) | 1 page
8 | ISO-IEC 27001 Project Plan (Microsoft Excel format) | 1 sheet
9 | ISO27001-17-18 Gap Assessment Tool - Requirements based | 25 sheets
10 | ISO-IEC 27001 Assessment Evidence | 2 sheets
11 | ISO-IEC 27001 Progress Report | 2 pages
12 | ISO27001-17-18 Gap Assessment Tool - Questionnaire based | 25 sheets
13 | Certification Readiness Checklist | 1 page
Part 2. Context of the organization
14 | Information Security Context, Requirements and Scope | 19 pages
Part 3. Leadership
15 | Information Security Management System Manual | 11 pages
16 | Information Security Roles, Responsibilities and Authorities | 17 pages
17 | Executive Support Letter | 4 pages
18 | Information Security Policy | 14 pages
19 | Meeting Minutes Template | 1 page
Part 4. Planning
20 | Information Security Objectives and Plan | 16 pages
21 | Risk Assessment and Treatment Process | 22 pages
22 | Asset-Based Risk Assessment Report | 13 pages
23 | Scenario-Based Risk Assessment Report | 13 pages
24 | Risk Treatment Plan | 11 pages
25 | Asset-Based Risk Assessment and Treatment Tool | 13 sheets
26 | Statement of Applicability | 4 sheets
27 | Scenario-Based Risk Assessment and Treatment Tool | 11 sheets
28 | Opportunity Assessment Tool | 6 sheets
29 | EXAMPLE Risk Assessment and Treatment Tool | 14 sheets
Part 5. Support of the ISMS
30 | Information Security Competence Development Procedure | 16 pages
31 | Information Security Communication Programme | 13 pages
32 | Procedure for the Control of Documented Information | 17 pages
33 | ISMS Documentation Log | 2 sheets
34 | Information Security Competence Development Report | 13 pages
35 | Awareness Training Presentation | 24 slides
36 | Competence Development Questionnaire | 3 sheets
37 | EXAMPLE Competence Development Questionnaire | 3 sheets
Part 6. Operation of the ISMS
38 | Supplier Information Security Evaluation Process | 17 pages
Part 7. Performance Evaluation
39 | Process for Monitoring, Measurement, Analysis and Evaluation | 13 pages
40 | Procedure for Internal Audits | 10 pages
41 | Internal Audit Plan | 10 pages
42 | Procedure for Management Reviews | 13 pages
43 | Internal Audit Report | 15 pages
44 | Internal Audit Schedule | 2 pages
45 | Internal Audit Action Plan | 1 page
46 | Management Review Meeting Agenda | 4 pages
47 | Internal Audit Checklist | 21 pages
Part 8. Improvement
48 | Procedure for the Management of Nonconformity | 10 pages
49 | Nonconformity and Corrective Action Log | 4 sheets
50 | EXAMPLE Nonconformity and Corrective Action Log | 4 sheets
Section A5. Security Policies
51 | Information Security Summary Card | 2 pages
52 | Internet Acceptable Use Policy | 11 pages
53 | Cloud Computing Policy | 9 pages
54 | Cloud Service Specifications | 12 pages
Section A6. Organisation of Information Security
55 | Segregation of Duties Guidelines | 12 pages
56 | Authorities and Specialist Group Contacts | 2 sheets
57 | Information Security Guidelines for Project Management | 14 pages
58 | Mobile Device Policy | 12 pages
59 | Teleworking Policy | 11 pages
60 | Segregation of Duties Worksheet | 1 sheet
61 | EXAMPLE Segregation of Duties Worksheet | 1 sheet
62 | EXAMPLE Authorities and Specialist Group Contacts | 2 sheets
Section A7. Human resources security
63 | Employee Screening Procedure | 10 pages
64 | Guidelines for Inclusion in Employment Contracts | 10 pages
65 | Employee Disciplinary Process | 12 pages
66 | Employee Screening Checklist | 1 page
67 | New Starter Checklist | 2 pages
68 | Employee Termination and Change of Employment Checklist | 3 pages
69 | Acceptable Use Policy | 10 pages
70 | Leavers Letter | 4 pages
Section A8. Asset Management
71 | Information Asset Inventory | 2 sheets
72 | Information Classification Procedure | 12 pages
73 | Information Labelling Procedure | 10 pages
74 | Asset Handling Procedure | 14 pages
75 | Procedure for the Management of Removable Media | 15 pages
76 | Physical Media Transfer Procedure | 11 pages
Section A9. Access Control
77 | Access Control Policy | 14 pages
78 | User Access Management Process | 19 pages
Section A10. Cryptography
79 | Cryptographic Policy | 12 pages
Section A11. Physical and environmental security
80 | Physical Security Policy | 11 pages
81 | Physical Security Design Standards | 14 pages
82 | Procedure for Working in Secure Areas | 9 pages
83 | Data Centre Access Procedure | 10 pages
84 | Procedure for Taking Assets Offsite | 12 pages
85 | Clear Desk and Clear Screen Policy | 9 pages
86 | Equipment Maintenance Schedule | 2 sheets
Section A12. Operations security
87 | Operating Procedure | 10 pages
88 | Change Management Process | 17 pages
89 | Capacity Plan | 11 pages
90 | Anti-Malware Policy | 13 pages
91 | Backup Policy | 9 pages
92 | Procedure for Monitoring the Use of IT Systems | 12 pages
93 | Software Policy | 10 pages
94 | Technical Vulnerability Management Policy | 12 pages
95 | Technical Vulnerability Assessment Procedure | 14 pages
96 | Information Systems Audit Plan | 13 pages
97 | EXAMPLE Operating Procedure | 16 pages
Section A13. Communications security
98 | Network Security Policy | 15 pages
99 | Network Services Agreement | 22 pages
100 | Information Transfer Agreement | 11 pages
101 | Information Transfer Procedure | 11 pages
102 | Electronic Messaging Policy | 12 pages
103 | Schedule of Confidentiality Agreements | 2 sheets
104 | Non-Disclosure Agreement | 11 pages
Section A14. System acquisition, development and maintenance
105 | Requirements Specification | 15 pages
106 | Secure Development Policy | 16 pages
107 | Principles for Engineering Secure Systems | 17 pages
108 | Secure Development Environment Guidelines | 11 pages
109 | Acceptance Testing Checklist | 14 pages
Section A15. Supplier relationships
110 | Information Security Policy for Supplier Relationships | 12 pages
111 | Supplier Information Security Agreement | 17 pages
112 | Supplier Due Diligence Assessment Procedure | 10 pages
113 | Supplier Due Diligence Assessment | 2 pages
114 | Cloud Supplier Questionnaire | 3 pages
115 | EXAMPLE Supplier Due Diligence Assessment | 2 pages
Section A16. Information security incident management
116 | Information Security Event Assessment Procedure | 13 pages
117 | Information Security Incident Response Procedure | 24 pages
Section A17. Information security aspects of business continuity management
118 | Business Continuity Incident Response Procedure | 35 pages
119 | Business Continuity Plan | 30 pages
120 | Business Continuity Exercising and Testing Schedule | 10 pages
121 | Business Continuity Test Plan | 12 pages
122 | Business Continuity Test Report | 14 pages
123 | Availability Management Policy | 10 pages
Section A18. Compliance
124 | Legal, Regulatory and Contractual Requirements Procedure | 11 pages
125 | Legal, Regulatory and Contractual Requirements | 2 sheets
126 | IP and Copyright Compliance Policy | 15 pages
127 | Records Retention and Protection Policy | 12 pages
128 | Privacy and Personal Data Protection Policy | 13 pages
129 | EXAMPLE Legal, Regulatory and Contractual Requirements | 2 sheets
IT toolkit has REVOLUTIONIZED our IT. It forms the bedrock of our SOP toolkit, enables us to generate run books and has dramatically lowered the cost of training new IT staff, while increasing user's satisfaction.
Once we implemented IT Toolkit, all of that changed. Now we have an IT final plan that looks professional, is well organized and makes it easy for everyone to find the information that they need.
The responses from clients have been very positive as well. Even the ones who have the information don't have it as well organized as we do and they really appreciate having everything together. Most importantly, we are becoming more efficient and that leads to greater IT Manager!
The toolkit provides a framework for a best practice implementation - where if your best practice changes or refines, your entire documentation environment follows.
The IT Toolkit brings order to the chaos of managing and delivering on documentation for our clients. It has let me reduce the burden on my engineers managing documentation and allowed them to focus back on the client. It's a game changer.
I have been searching for a good tool that will help avoid duplicate entries for documentation purposes. The IT Toolkit did just that and more. All of our engineers absolutely love this tool. We eliminated 2 tools and replaced them with the IT Toolkit which is much more effective and faster.
The step-by-step IT Toolkit is easy to use and there is zero ramp up time - you can read this clearly laid out ebook and implement right away. I appreciate that you make the process easier on my clients and still give them 100% control.
The IT Toolkit gives me a broader understanding of the use and efficiency of IT management. It presents a friendly, easy way to do something I've known would be good for me.
The toolkit is helping organize my thoughts and training methods with our IT Inside crew already.
Excellent IT Toolkits. It is a must for all CIOs and technology managers.
A very useful toolkit. It's one of the best tools I have ever taken. I wish all IT managers could take it.
These toolkits have helped me gain confidence in my ability and empowered me to be an IT manager.